All news with #openshift tag

Critical RBAC Flaw in Red Hat OpenShift AI Risks Clusters

⚠ Red Hat has patched a design flaw in OpenShift AI (CVE-2025-10725) with a CVSS score of 9.9 that can let an authenticated low-privilege user escalate to full cluster administrator and fully compromise clusters and hosted applications. The vulnerability stems from an overly permissive ClusterRole binding that grants broad permissions to system:authenticated. Red Hat advises removing the kueue-batch-user-role ClusterRoleBinding, tightening job-creation permissions to follow least privilege, and upgrading to fixed RHOAI images (2.19 and 2.21). Administrators should audit affected environments and apply the recommended fixes promptly.

OpenShift AI Privilege Escalation Flaw Exposes Clusters

🔒 Red Hat has disclosed a severe privilege escalation vulnerability in OpenShift AI (CVE-2025-10725) that can allow an authenticated, low-privileged user to escalate to full cluster administrator and fully compromise a deployment. The issue carries a CVSS score of 9.9 but is rated Important by Red Hat because exploitation requires an authenticated account. Affected releases include OpenShift AI 2.19, 2.21 and RHOAI. Administrators are advised to avoid broad ClusterRoleBindings such as binding kueue-batch-user-role to system:authenticated, and to grant job creation permissions only on a granular, need-to-know basis while applying vendor guidance.